#!/bin/sh
#
# OpenVPN server installer for an apt-based host (Debian/Ubuntu).
#
# Steps, in order:
#   1. look up the host's public IPv4 address (ipv4.icanhazip.com)
#   2. apt-get update/upgrade, install openvpn and helper tools
#   3. write a FIXED CA certificate, server certificate, server private
#      key and DH parameters under /etc/openvpn
#   4. write /etc/openvpn/server.conf and a matching client profile at
#      /root/baks.ovpn (CA certificate appended inline)
#   5. install iptables NAT/filter rules, Google DNS, rc.local
#      persistence, IPv4 forwarding and the Asia/Manila timezone
#   6. restart openvpn, delete the script and wipe the shell history
#
# Requirements: root; outbound HTTP to ipv4.icanhazip.com; an existing
# /etc/rc.local with a trailing line the `sed '$ i\'` calls can insert
# before (presumably `exit 0` — not checked here).
#
# NOTE(review): every certificate and key below is embedded verbatim, so
# it is identical on every host built from this script and known to
# anyone who has read it. The server private key (see server.key below)
# is therefore effectively public: the TLS server identity gives clients
# no assurance and a third party holding this script can impersonate the
# server. Mitigation: generate a fresh CA/server key pair per host at
# install time (easy-rsa or openssl req/genpkey) instead of embedding.
# NOTE(review): no `set -e`/`set -u`; every step runs even when an earlier
# one failed (e.g. a failed apt-get install leaves /etc/openvpn absent
# and the heredocs below fail one by one).
clear
# Public IPv4 address fetched over plain HTTP from a third-party service.
# Not validated: a failed lookup yields an empty string that is then
# interpolated into baks.ovpn (`remote`, `http-proxy`) and into the SNAT
# rule below, producing a broken profile and an invalid rule set. A
# reviewer would add `: "${IPADDRESS:?...}"` plus an IPv4 syntax check
# before first use.
IPADDRESS=$(wget -qO- ipv4.icanhazip.com)
# sed expression for an "ipaddresxxx" placeholder; not used anywhere below.
IPADD="s/ipaddresxxx/$IPADDRESS/g";
# Optional housekeeping, left disabled by the author.
#apt-get clean
# Remove packages that are no longer needed.
#apt-get autoremove -y
# Removal of host firewall front-ends; disabled (note that
# /etc/ufw/before.rules is still overwritten further down).
#apt-get remove --purge ufw firewalld -y
# Larger base toolset; disabled.
#apt-get install nano wget curl zip unzip tar gzip p7zip-full bc rc openssl cron net-tools dnsutils dos2unix screen bzip2 ccrypt -y
# Refresh package lists and upgrade everything already installed.
apt-get update
apt-get upgrade -y
# Packages actually required by the rest of the script.
apt-get install openvpn wget curl zip unzip net-tools openssl -y
# CA certificate ("BAKS CA", per the Issuer printed in server.crt below).
# `<<-END` strips leading tabs only; the PEM lines carry no indentation.
cat > /etc/openvpn/ca.crt <<-END
-----BEGIN CERTIFICATE-----
MIIDqDCCAxGgAwIBAgIJAJbHO6cNgg5mMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYD
VQQGEwJQSDELMAkGA1UECBMCQkExFTATBgNVBAcTDEJha2xldGEgQ2l0eTENMAsG
A1UEChMEQkFLUzENMAsGA1UECxMEYmFrczEQMA4GA1UEAxMHQkFLUyBDQTENMAsG
A1UEKRMEYmFrczEjMCEGCSqGSIb3DQEJARYUYmFrc0BiYWtsZXRhLm1hcnMucGgw
HhcNMjAwMzA3MDAxMzE4WhcNMzAwMzA1MDAxMzE4WjCBlTELMAkGA1UEBhMCUEgx
CzAJBgNVBAgTAkJBMRUwEwYDVQQHEwxCYWtsZXRhIENpdHkxDTALBgNVBAoTBEJB
S1MxDTALBgNVBAsTBGJha3MxEDAOBgNVBAMTB0JBS1MgQ0ExDTALBgNVBCkTBGJh
a3MxIzAhBgkqhkiG9w0BCQEWFGJha3NAYmFrbGV0YS5tYXJzLnBoMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDGdtQUYh7LFzeYKFWaF76T3AVDm9llD5rPlV5V
zOanlrplHcSWqdUbGoiVqKVglvjP2Akdlgee8ltsMhq3xAGHfA41Uf8d2OlANKmk
Y3X2N4iTiD4u87UMlIPxQOPCx1sEfFlDx1xABeiNbE6acymEq0B/3ShVgwHqEAHi
s5kyMQIDAQABo4H9MIH6MB0GA1UdDgQWBBQkOOwCO0fCAcNNM9O5/nkXCgzYqDCB
ygYDVR0jBIHCMIG/gBQkOOwCO0fCAcNNM9O5/nkXCgzYqKGBm6SBmDCBlTELMAkG
A1UEBhMCUEgxCzAJBgNVBAgTAkJBMRUwEwYDVQQHEwxCYWtsZXRhIENpdHkxDTAL
BgNVBAoTBEJBS1MxDTALBgNVBAsTBGJha3MxEDAOBgNVBAMTB0JBS1MgQ0ExDTAL
BgNVBCkTBGJha3MxIzAhBgkqhkiG9w0BCQEWFGJha3NAYmFrbGV0YS5tYXJzLnBo
ggkAlsc7pw2CDmYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQADmisI
ZE1sQzCu6uJxP+F9tX18KYOIjj7yL4qVs2PKRZn3CnhcWzmvGEHsJ3yiBG6G58e3
ujKd9gSEe5IBEEfSePRobDcLYWN4O17VUGGhD9UpxjDPoJUXWxAwllAwlU0PJnyO
Y3h8z8+EmWigsZAb9DHbB7trqh/7QmwolDvd9w==
-----END CERTIFICATE-----
END
# Server certificate (CN=server, valid 2020-03-07 to 2030-03-05, RSA
# 1024-bit, EKU "TLS Web Server Authentication"). The human-readable
# dump that precedes the PEM block is kept; OpenVPN reads the PEM part.
# NOTE(review): a 1024-bit RSA key is below current minimum
# recommendations (2048-bit or larger) — another reason to regenerate.
cat > /etc/openvpn/server.crt <<-END
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PH, ST=BA, L=Bakleta City, O=BAKS, OU=baks, CN=BAKS CA/name=baks/emailAddress=baks@bakleta.mars.ph
Validity
Not Before: Mar 7 00:13:18 2020 GMT
Not After : Mar 5 00:13:18 2030 GMT
Subject: C=PH, ST=BA, L=Bakleta City, O=BAKS, OU=baks, CN=server/name=baks/emailAddress=baks@bakleta.mars.ph
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c1:09:e2:b0:51:1f:59:38:94:35:fa:fe:bf:df:
5c:19:92:ec:fd:69:ee:70:08:4a:17:87:09:81:fa:
4e:e7:6d:81:b8:c9:03:47:42:67:88:be:71:6b:7a:
77:3f:56:46:19:24:eb:06:5d:ca:f7:23:ff:67:1c:
5e:0a:8b:62:a6:f4:30:88:1b:ba:89:f5:cc:a7:62:
cd:23:74:f7:1b:4a:ce:63:04:47:87:fa:01:04:86:
bf:8e:c4:bf:6a:31:99:2d:d4:86:76:d5:2d:de:17:
8b:ec:15:40:db:66:dd:21:4e:ac:b5:e7:96:a2:0a:
37:f1:ed:53:9b:9a:d7:e9:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
0C:E4:80:0C:A8:F2:7B:94:56:58:9C:7C:2C:A9:CD:22:47:02:FD:DB
X509v3 Authority Key Identifier:
keyid:24:38:EC:02:3B:47:C2:01:C3:4D:33:D3:B9:FE:79:17:0A:0C:D8:A8
DirName:/C=PH/ST=BA/L=Bakleta City/O=BAKS/OU=baks/CN=BAKS CA/name=baks/emailAddress=baks@bakleta.mars.ph
serial:96:C7:3B:A7:0D:82:0E:66
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:server
Signature Algorithm: sha256WithRSAEncryption
8b:c9:ac:c5:9e:4f:93:7c:07:16:95:b3:c7:ab:62:41:dc:d6:
dc:94:54:5e:fc:a8:84:6c:87:cf:c0:3f:e6:08:15:c7:67:b1:
b5:37:f6:73:1a:0c:a5:2e:d5:71:95:1f:89:18:ad:60:28:bc:
09:da:b6:95:c5:92:d5:f1:61:ff:1b:a2:27:1e:c2:2d:56:96:
6f:35:6b:0e:bc:2d:63:2b:c6:00:6e:0b:c5:35:33:ce:42:8e:
9e:46:18:b3:a9:06:94:8d:6f:89:62:90:30:3a:d1:e3:ec:34:
56:7d:32:80:46:c4:3e:4d:8b:01:dd:fb:1b:7c:65:af:fa:15:
57:eb
-----BEGIN CERTIFICATE-----
MIIEHDCCA4WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCUEgx
CzAJBgNVBAgTAkJBMRUwEwYDVQQHEwxCYWtsZXRhIENpdHkxDTALBgNVBAoTBEJB
S1MxDTALBgNVBAsTBGJha3MxEDAOBgNVBAMTB0JBS1MgQ0ExDTALBgNVBCkTBGJh
a3MxIzAhBgkqhkiG9w0BCQEWFGJha3NAYmFrbGV0YS5tYXJzLnBoMB4XDTIwMDMw
NzAwMTMxOFoXDTMwMDMwNTAwMTMxOFowgZQxCzAJBgNVBAYTAlBIMQswCQYDVQQI
EwJCQTEVMBMGA1UEBxMMQmFrbGV0YSBDaXR5MQ0wCwYDVQQKEwRCQUtTMQ0wCwYD
VQQLEwRiYWtzMQ8wDQYDVQQDEwZzZXJ2ZXIxDTALBgNVBCkTBGJha3MxIzAhBgkq
hkiG9w0BCQEWFGJha3NAYmFrbGV0YS5tYXJzLnBoMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDBCeKwUR9ZOJQ1+v6/31wZkuz9ae5wCEoXhwmB+k7nbYG4yQNH
QmeIvnFrenc/VkYZJOsGXcr3I/9nHF4Ki2Km9DCIG7qJ9cynYs0jdPcbSs5jBEeH
+gEEhr+OxL9qMZkt1IZ21S3eF4vsFUDbZt0hTqy155aiCjfx7VObmtfpJwIDAQAB
o4IBeTCCAXUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4
QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
VR0OBBYEFAzkgAyo8nuUVlicfCypzSJHAv3bMIHKBgNVHSMEgcIwgb+AFCQ47AI7
R8IBw00z07n+eRcKDNiooYGbpIGYMIGVMQswCQYDVQQGEwJQSDELMAkGA1UECBMC
QkExFTATBgNVBAcTDEJha2xldGEgQ2l0eTENMAsGA1UEChMEQkFLUzENMAsGA1UE
CxMEYmFrczEQMA4GA1UEAxMHQkFLUyBDQTENMAsGA1UEKRMEYmFrczEjMCEGCSqG
SIb3DQEJARYUYmFrc0BiYWtsZXRhLm1hcnMucGiCCQCWxzunDYIOZjATBgNVHSUE
DDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0G
CSqGSIb3DQEBCwUAA4GBAIvJrMWeT5N8BxaVs8erYkHc1tyUVF78qIRsh8/AP+YI
FcdnsbU39nMaDKUu1XGVH4kYrWAovAnatpXFktXxYf8boicewi1Wlm81aw68LWMr
xgBuC8U1M85Cjp5GGLOpBpSNb4likDA60ePsNFZ9MoBGxD5NiwHd+xt8Za/6FVfr
-----END CERTIFICATE-----
END
# Server private key, unencrypted PKCS#8, matching server.crt.
# NOTE(review): this key is part of the script text and so is disclosed
# to everyone who has the script; treat it as compromised. It is also
# left world-readable by the `chmod -R 755 /etc/openvpn` below.
cat > /etc/openvpn/server.key <<-END
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMEJ4rBRH1k4lDX6
/r/fXBmS7P1p7nAISheHCYH6TudtgbjJA0dCZ4i+cWt6dz9WRhkk6wZdyvcj/2cc
XgqLYqb0MIgbuon1zKdizSN09xtKzmMER4f6AQSGv47Ev2oxmS3UhnbVLd4Xi+wV
QNtm3SFOrLXnlqIKN/HtU5ua1+knAgMBAAECgYBGCnMw7E5GjivgpjB2p/F/6fqJ
PD1icu+HN9zwR0UH3Yja5jyFR4fPauI2UBoiZghLKUUJa1CweWQ7ImTQyKBDN6VJ
ICdxvBEhaolVf1stNKvNwkglwdiFCR50chArgaps22pbxt2wGS/UvB8wmylSi7Nz
BuPuU/Kr9F7o0mNw8QJBAPHH/GSNauxyiq0zXIiFbNB9kQg+b/o7xr59y2VkQUDL
iAnV0i1RcOH1tqRmWPx4N5x20u/y6z+a/WEkf45bqf8CQQDMZBSWUttIJn7lprIV
mC9NkquHNL+nroQY+/6ktqnBVm6pa96COsSINwz5AmvTPjwIYUlV8AfLbmpuwzZu
uzDZAkAlzMRS3CEpUkcICQ2gcmuutNLl3Q0YrBvIUFZqRaBGBwv/raQsXZ0uVoH1
deLXpdvb5F/aD7pjuVF/zHr8wKv1AkEAjFRaXitdKthjX8Fnm7P1JkmBQz9QJwyG
3bCGUQio3Hk/WUsaZkd7EBrb6UtkRJECHq7M7xfyAhY5NPsKsFQNYQJBAO4fV+kl
mStTiKiCi99Xg7CeNPkVZuoDXMBJX3qOO/n3TTldoeIsz73exboRgW7dvAQDziIC
UjqyyCxhrJETjs4=
-----END PRIVATE KEY-----
END
# Diffie-Hellman parameters; the file name suggests 1024-bit (not
# verifiable from the PEM text here). Shared, fixed DH parameters are
# weak; `openssl dhparam 2048` per host is the usual mitigation.
cat > /etc/openvpn/dh1024.pem <<-END
-----BEGIN DH PARAMETERS-----
MIGHAoGBAPvZs3Gm65VNPMQ7u3CMqXl4fxxGcCjhwC2MnF2XeUh3tPsSISmD/xoh
Hfq4pmhvcjwIqH9mQPJ8KrwDxVw9c2TTNJrTzfLuPawnJgMMyMqRNaYICYtYbOtV
4l65bON8HZTZx4eKCJxh5fGiiTr3rnf+9UoR/p7+ipCuzfwFxWiLAgEC
-----END DH PARAMETERS-----
END
# Server configuration: TCP/1194, tun device, 10.8.0.0/16 client pool,
# DNS pushed as 8.8.8.8 / 8.8.4.4.
# NOTE(review): `cipher none` and `auth none` disable both encryption and
# HMAC authentication of tunnel traffic, and `ncp-disable` stops clients
# from negotiating a real cipher — every packet crossing this VPN is
# readable and modifiable on the path. `verify-client-cert none` plus the
# PAM plugin with service "login" means the only client check is a
# username/password against the host's PAM stack (i.e. its system
# accounts); `username-as-common-name` keys sessions on that username.
# `reneg-sec 0` disables periodic key renegotiation and `verb 0` leaves
# almost no log trail for incident response. Mitigation: a real cipher
# (e.g. AES-256-GCM) with `auth SHA256`, client certificates, and at
# least `verb 3`.
cat > /etc/openvpn/server.conf <<-END
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
verify-client-cert none
username-as-common-name
server 10.8.0.0 255.255.0.0
persist-key
persist-tun
status openvpn-status.log
verb 0
cipher none
auth none
ncp-disable
reneg-sec 0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
END
# Empty status file for the `status openvpn-status.log` directive
# (relative path; resolved against openvpn's working directory —
# presumably /etc/openvpn when started via the service unit, not
# confirmed here).
cat > /etc/openvpn/openvpn-status.log <<-END
END
cd /root
# NOTE(review): 755 applied recursively also makes server.key readable by
# every local user (o+r). The key should be 0600 and the directory 0700
# or at least 0750; none of the files need the execute bit.
chmod -R 755 /etc/openvpn
# Client profile. Mirrors the server's `cipher none` / `auth none`.
# `remote-cert-tls server` checks the server certificate's EKU (the
# server.crt above carries "TLS Web Server Authentication").
# `auth-user-pass` prompts for the PAM username/password on each connect.
# $IPADDRESS is expanded here, so an empty lookup above yields
# `remote  1194` and `http-proxy  8080`.
# The `http-proxy` and CUSTOM-HEADER lines route the TCP session through
# a proxy on port 8080 of the same host and send a Host header naming a
# third-party domain (www.googleapis.com) rather than the real target.
# Detection note for network owners: CONNECT requests whose Host/
# X-Online-Host headers disagree with the connected address are a usable
# signature for this profile.
cat > /root/baks.ovpn <<-END
client
dev tun
proto tcp-client
remote $IPADDRESS 1194
persist-key
persist-tun
remote-cert-tls server
verb 3
auth-user-pass
redirect-gateway def1
cipher none
auth none
auth-nocache
auth-retry interact
connect-retry 0 1
nice -20
reneg-sec 0
http-proxy $IPADDRESS 8080
http-proxy-option CUSTOM-HEADER CONNECT HTTP/1.0
http-proxy-option CUSTOM-HEADER Host www.googleapis.com
http-proxy-option CUSTOM-HEADER X-Online-Host www.googleapis.com
http-proxy-option CUSTOM-HEADER X-Forward-Host www.googleapis.com
http-proxy-option CUSTOM-HEADER Connection keep-alive
http-proxy-option CUSTOM-HEADER Proxy-Connection keep-alive
END
# Inline the CA certificate into the profile as a <ca>...</ca> block.
echo '<ca>' >> /root/baks.ovpn
cat /etc/openvpn/ca.crt >> /root/baks.ovpn
# Bare `echo` appends a single newline as a separator before the closing tag.
echo>> /root/baks.ovpn
echo '</ca>' >> /root/baks.ovpn
# Full iptables rule set in iptables-save format. The packet/byte
# counters in brackets ([19406:27313311] etc.) look copied from a live
# dump; iptables-restore accepts them but they carry no meaning here.
# NOTE(review): the first POSTROUTING rule SNATs *all* outbound traffic
# to $IPADDRESS with no -s/-o restriction, so the two MASQUERADE rules
# after it are only reached by packets it does not match (presumably
# none). All filter chains keep policy ACCEPT, so the per-port ACCEPT
# rules on INPUT add nothing restrictive — the host is as open after
# this as before. If filtering is intended, the INPUT policy needs to
# be DROP with an ESTABLISHED,RELATED rule added.
cat > /etc/iptables.up.rules <<-END
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source $IPADDRESS
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [19406:27313311]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9393:434129]
-A INPUT -p ICMP --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 442 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 442 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 3128 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 3128 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 8000 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 8000 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 8888 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 8888 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 8080 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 8080 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 8118 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 8118 -m state --state NEW -j ACCEPT
COMMIT
*raw
:PREROUTING ACCEPT [158575:227800758]
:OUTPUT ACCEPT [46145:2312668]
COMMIT
*mangle
:PREROUTING ACCEPT [158575:227800758]
:INPUT ACCEPT [158575:227800758]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46145:2312668]
:POSTROUTING ACCEPT [46145:2312668]
COMMIT
END
# Persist the rules by inserting a restore command before the last line
# of /etc/rc.local (`$ i\` = insert before last line). Assumes the file
# exists and that its last line is something like `exit 0`; on a system
# without rc.local this silently does nothing. rc.local edits are a
# classic persistence location — worth a file-integrity watch.
sed -i '$ i\iptables-restore < /etc/iptables.up.rules' /etc/rc.local
iptables-restore < /etc/iptables.up.rules
# Replace the resolver configuration with Google DNS, now and on every
# boot. On hosts where resolv.conf is managed (systemd-resolved,
# resolvconf, NetworkManager) the file may be rewritten again — not
# checked here.
echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
sed -i '$ i\echo "nameserver 8.8.8.8" > /etc/resolv.conf' /etc/rc.local
sed -i '$ i\echo "nameserver 8.8.4.4" >> /etc/resolv.conf' /etc/rc.local
# Boot-time: wait 10 s, then raise the priority of every openvpn process
# to the maximum (-20). The `$(...)` and `$p` are inside single quotes
# and so are written literally, to be expanded when rc.local runs.
sed -i '$ i\sleep 10' /etc/rc.local
sed -i '$ i\for p in $(pgrep openvpn); do renice -n -20 -p $p; done' /etc/rc.local
# Local time zone: Asia/Manila (UTC+8).
ln -fs /usr/share/zoneinfo/Asia/Manila /etc/localtime
# NAT rule for ufw. `cat >` truncates /etc/ufw/before.rules, so the
# distribution's default before.rules content (loopback, ICMP, DHCP
# client rules, the ufw-before-* chains) is replaced by this NAT block
# alone; if ufw is later enabled it will load only this.
cat > /etc/ufw/before.rules <<-END
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/16 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
END
# Enable IPv4 forwarding now and persistently (only uncomments the
# exact line `#net.ipv4.ip_forward=1` if present in sysctl.conf).
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|#net.ipv4.ip_forward=1|net.ipv4.ip_forward=1|' /etc/sysctl.conf
# Restart OpenVPN. On systemd hosts `openvpn@server` presumably maps to
# /etc/openvpn/server.conf written above — confirm for the target
# distribution. Neither call's status is checked.
service openvpn restart
service openvpn@server start
# Finalizing: delete the installer (relative to /root after the `cd`
# above, presumably this script's own file name) and wipe shell history.
rm -f baks.sh
# NOTE(review): this line does not do what it reads as. `&` binds looser
# than `&&`, so `rm -rf ~/.bash_history && history -c` is put in the
# background and `history -w` runs in the foreground — which can rewrite
# the history file before/after the rm, depending on timing. Under
# #!/bin/sh (dash on Debian) `history` is not a builtin at all and the
# calls simply fail. Independently of the bug, erasing shell history
# removes the audit trail of what this installer ran; defenders should
# rely on auditd / process accounting rather than ~/.bash_history.
rm -rf ~/.bash_history && history -c & history -w
clear
echo ""
echo ""
echo "Installation Complete!"
echo ""
echo "Server IP : $IPADDRESS"
echo "OpenVPN Port : 1194"
echo ""
echo ""
echo ""
exit